• United States



sarah d_scalet
Senior Editor

4 Google Searches to Run on Your Own Company

Dec 01, 20063 mins
Application SecurityGoogleHacking

Recommended Google hacking points from Nish Bhalla, founder of the consultancy Security Compass -www

What you’re looking for: registered domains

At most companies, the primary public domain starts with www, as in This search lets you look at URLs Google has crawled that contain your com­pany’s domain name but not the letters www. It can identify other domains that your company has made public, such as or

Its purpose is twofold. You might not want all those domains crawled by search engines. If not, you have some work to do in reconfiguring those systems. If you do want the domains made public, be sure to include them in the rest of the searches you do.


What you’re looking for: passwords

The protocol for a user name and password is “username:password”. For example, if my user name were “csowriter” and my password were “cat,” it would appear (if published) as “csowriter:cat”. Using the “*:*” string (the asterisk is a wild card) allows you to look for any data that fits this format that has been posted either inadvertently on your own website or maliciously elsewhere on the Web. Be warned, however, that this search reveals a lot of false positives.

While you’re at it, another way to look for passwords is by searching your site for the text “index.of.password”. This searches for a directory named “password,” which may contain some interesting files. Here, no hits is a good thing.

intitle:”Apache Tomcat” “error report”

What you’re looking for: technologies used

If your company inadvertently exposes the types of technologies it uses, hackers can exploit that information. Suppose you use Apache Web servers. A misconfigured Apache Web server commonly produces a page with “Apache Tomcat” in the title and “error report” in the text. If you search the Web, you’ll find numerous websites that have inadvertently revealed they are running on Apache Web servers. Adding the “” string at the end limits the search to one domain.

Once a hacker knows your company is running an Apache Web server, he can run targeted searches. For instance, Apache also produces error messages that begin with “access denied for user” and “using password,” which may reveal user names and passwords. So you can search for those strings too.

Mind you, this is just an example. Figure out what common error messages are generated by the Web servers and application servers that your company uses, and then run site searches for those.


What you’re looking for: log-in portals

Remote Desktop is a piece of software used by IT admins to gain remote access to computers—either to do maintenance on remote laptops, or to log on to office computers from home to fix a problem. But these portals can also provide a useful back door, because they give the hacker a place to try to enter user names and passwords.

Again, modify the search to fit your company’s technology. For instance, “VNC Desktop inurl:5800” will help you find log-ins for Virtual Desktop Computer, another popular type of remote access software.

–Sarah D. Scalet